rails 2.3.5-1.2ubuntu1.1 source package in Ubuntu

Changelog

rails (2.3.5-1.2ubuntu1.1) natty-security; urgency=low

  * SECURITY UPDATE: multiple cross-site scripting (XSS) vulnerabilities in
    the mail_to helper
    - Add 0001-Be-sure-to-javascript_escape-the-email-address-to-pr.patch
      from Debian and fix Debian bug #629067 by replacing .html_safe with
      html_escape()
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81
    - CVE-2011-0446
    - LP: #870846
  * SECURITY UPDATE: rails does not properly validate HTTP requests that
    contain an X-Requested-With header
    - Add 0002-Change-the-CSRF-whitelisting-to-only-apply-to-get-re.patch
      from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2d95a3cc23e03665
    - CVE-2011-0447
  * SECURITY UPDATE: multiple SQL injection vulnerabilities in the
    quote_table_name method in the ActiveRecord adapters
    - Add CVE-2011-2930.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b
    - CVE-2011-2930
  * SECURITY UPDATE: cross-site scripting (XSS) vulnerability in the
    strip_tags helper
    - Add CVE-2011-2931.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
    - CVE-2011-2931
  * SECURITY UPDATE: cross-site scripting vulnerability which allows remote
    attackers to inject arbitrary web script or HTML via a malformed Unicode string
    - Add CVE-2011-2932.patch, backported from upstream
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195
    - CVE-2011-2932
  * SECURITY UPDATE: response splitting vulnerability
    - Add CVE-2011-3186.patch from Debian
    - https://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768
    - CVE-2011-3186

 -- Felix Geyer <email address hidden>  Wed, 12 Oct 2011 20:05:02 +0200

Upload details

Uploaded by: Felix Geyer
Sponsored by: Marc Deslauriers
Uploaded to: Natty
Original maintainer: Ubuntu Developers
Architectures: all
Section: ruby
Urgency: Low Urgency

Builds

Natty: [FULLYBUILT] i386

Downloads

File Size SHA-256 Checksum
rails_2.3.5.orig.tar.gz 3.0 MiB f07416a3655ef24316e6fb8bd57bf00f5b06b9d6191cec15be93d08238ed1313
rails_2.3.5-1.2ubuntu1.1.debian.tar.gz 25.3 KiB e576fa250ac709d8f5af42d8dd5fbb3d29c061cd731ccef99d4f52ff9323d923
rails_2.3.5-1.2ubuntu1.1.dsc 2.4 KiB 1963f358d1df23617d8137929664a4a0c5038422eb19facf92d4f128634f7942

Binary packages built by this source

libactionmailer-ruby
libactionmailer-ruby1.8
libactionpack-ruby
libactionpack-ruby1.8
libactiverecord-ruby
libactiverecord-ruby1.8
libactiverecord-ruby1.9.1
libactiveresource-ruby
libactiveresource-ruby1.8
libactivesupport-ruby
libactivesupport-ruby1.8
libactivesupport-ruby1.9.1
rails
rails-doc
rails-ruby1.8